In the latest crypto heist targeting decentralized finance (DeFi), hackers have stolen around $160 million worth of digital assets from the crypto trading firm Wintermute.
The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH and 66 other cryptocurrencies to the attacker’s wallet.
The company said its centralized finance (CeFi) and over-the-counter (OTC) operations have not been affected by the security incident. It did not reveal when the hack took place.
The digital asset market maker, which provides liquidity to several exchanges and crypto platforms, warned of disruptions to its services in the coming days, but stressed that it is “solvent with twice as much equity left.”
“We are (still) open to process[ing] this as a white hat, so if you are the attacker – get in touch,” the company’s founder and CEO, Evgeny Gaevoy, said in a tweet.
Details of the exact exploit method used to perpetrate the hack are currently unknown, though Gaevoy said the attack was likely caused by a “banner-like exploit” in the trading wallet.
Wintermute further acknowledged that it used Profanity, an Ethereum address generation tool, along with an internal tool to generate addresses with lots of leading zeros as recently as June.
The open source project has been abandoned by its anonymous maintainer, who goes by the name johguse, citing “fundamental security issues in private key generation.”
Incidentally, Profanity also came into the spotlight last week after decentralized exchange (DEX) aggregator 1inch Network disclosed a vulnerability that could be abused to recalculate the private wallet keys from addresses created using the tool.
Subsequently, the attack vector was exploited by malicious actors to siphon $3.3 million from Ethereum addresses created with Profanity on September 16, 2022.
The Wintermute breach is the latest in a series of attacks on DeFi protocols in recent months, including those on Axie Infinity, Harmony Horizon Bridge, Nomad and Curve.Finance. Some of these thefts have been attributed to the North Korea-backed Lazarus Group.
According to a report by Bishop Fox published in May 2022, security incidents affecting DeFi platforms resulted in losses of $1.8 billion in 2021 alone, with the services experiencing an average of five hacks per month.
“In most cases, the attack came from a vulnerability in Smart Contracts or in the logic of the protocol itself,” the company noted. “Another important vector was the compromise between wallets and their private keys.”